{"affected":[{"ecosystem_specific":{"binaries":[{"ImageMagick-config-6-SUSE":"6.8.8.1-71.231.1","ImageMagick-config-6-upstream":"6.8.8.1-71.231.1","ImageMagick-devel":"6.8.8.1-71.231.1","libMagick++-devel":"6.8.8.1-71.231.1","libMagickCore-6_Q16-1":"6.8.8.1-71.231.1","libMagickWand-6_Q16-1":"6.8.8.1-71.231.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"ImageMagick","purl":"pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.8.8.1-71.231.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ImageMagick fixes the following issues:\n\n- CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).\n- CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791).\n- CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748).\n- CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure\n  (bsc#1258792).\n- CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths\n  (bsc#1258757).\n- CVE-2026-25797: Code injection in various encoders (bsc#1258770).\n- CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786).\n- CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via 'fd handler' leads to stdin/stdout access\n  (bsc#1258780).\n- CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805).\n- CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821).\n- CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810).\n- CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769).\n- CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765).\n- CVE-2026-26983: Invalid MSL <map> can result in a use after free (bsc#1258763).\n- CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017).\n","id":"SUSE-SU-2026:0854-1","modified":"2026-03-09T15:34:51Z","published":"2026-03-09T15:34:51Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260854-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258748"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258757"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258763"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258765"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258769"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258770"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258780"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258786"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258791"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258792"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258805"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258810"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259017"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-24484"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-24485"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25576"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25799"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25966"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25983"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25987"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25988"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-26066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-26284"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-26983"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27799"}],"related":["CVE-2026-24484","CVE-2026-24485","CVE-2026-25576","CVE-2026-25795","CVE-2026-25796","CVE-2026-25797","CVE-2026-25799","CVE-2026-25966","CVE-2026-25983","CVE-2026-25987","CVE-2026-25988","CVE-2026-26066","CVE-2026-26284","CVE-2026-26983","CVE-2026-27799"],"summary":"Security update for ImageMagick","upstream":["CVE-2026-24484","CVE-2026-24485","CVE-2026-25576","CVE-2026-25795","CVE-2026-25796","CVE-2026-25797","CVE-2026-25799","CVE-2026-25966","CVE-2026-25983","CVE-2026-25987","CVE-2026-25988","CVE-2026-26066","CVE-2026-26284","CVE-2026-26983","CVE-2026-27799"]}